Authentication, Authorization and Accounting Debug Commands on Cisco IOS XR Software

Table Of Contents

Authentication, Authorization, and Accounting Debug Commands on Cisco IOS XR Software

debug aaa

debug acctd

debug locald

debug login

debug radius

debug tacacs

debug task

Authentication, Authorization, and Accounting Debug Commands on Cisco IOS XR Software

---

This chapter describes the Cisco IOS XR software authentication, authorization, and accounting (AAA) debug commands.

For high-level, conceptual information about using debug commands generally, see Using Debug Commands on Cisco IOS XR Software, Release 3.6.0.

debug aaa

To display authentication, authorization, and accounting (AAA) information originating from applications using AAA, use the debug aaa command in EXEC mode. To disable debugging output, use the no form of this command.

debug aaa {accounting | all | authentication | authorization | comm | configuration | detail | task}

no debug aaa {accounting | all | authentication | authorization | comm | configuration | detail | task}

Syntax Description

accounting	Displays accounting debug information from AAA applications.
all	Displays all debug information from AAA applications.
authentication	Displays authentication debug information from AAA applications.
authorization	Displays debug information for AAA authorization.
comm	Displays information related to connections made between the AAA applications and AAA daemon (locald).
configuration	Displays debug information related configuration of AAA parameters.
detail	Displays additional debug information. Use this keyword when other debug commands are not sufficiently helpful.
task	Displays debug information related to task ID processing.

Defaults

No default behavior or values

Command Modes

EXEC

Command History

Release	Modification
Release 2.0	This command was introduced on the Cisco CRS-1.
Release 3.0	No modification.
Release 3.2	This command was supported on the Cisco XR 12000 Series Router.
Release 3.3.0	No modification.
Release 3.4.0	No modification.
Release 3.5.0	No modification.
Release 3.6.0	No modification.
Release 3.7.0	No modification.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

The information displayed by the debug aaa command accounting keyword is independent of the accounting protocol used to transfer the accounting information to a server.

Use the authentication and authorization keywords to display the authentication and authorization methods in use and the results of these methods.

Debugging output is assigned high priority in the CPU process and, therefore, can affect system performance. For more information about the impact on system performance when using debug commands, refer to Using Debug Commands on Cisco IOS XR Software.

---

Note To view the debug information about how the system is processing AAA requests, use the debug locald commands.

---

Task ID

Task ID	Operations
aaa	read

Examples

The following example shows how to enable debug information for AAA accounting and the resulting show output:

RP/0/RP0/CPU0:router# debug aaa accounting

RP/0/RP0/CPU0:router# show run

RP/0/RP0/CPU0:Aug 18 01:11:17.613: exec[65686]: Composing an message for service CMD

RP/0/RP0/CPU0:Aug 18 01:11:17.646: exec[65686]: Sending request message to the server

RP/0/RP0/CPU0:Aug 18 01:11:17.732: exec[65686]: Interpreting the reply from the server

RP/0/RP0/CPU0:Aug 18 01:11:18.391: nvgen[65723]: Getting details on ttyname '/dev/con0'

Related Commands

Command	Description
debug radius / debug tacacs	Provides detailed information about protocol-level activities.
debug locald	Provides detailed information about AAA processing.
show accounting	Displays accounting information.

debug acctd

To enable debugging for basic acctd processes, use the debug acctd command in EXEC mode. To disable debugging output, use the no form of this command.

debug acctd [configuration | detail]

no debug acctd [configuration | detail]

Syntax Description

configuration	Displays accounting configuration debug information.
detail	Displays detailed accounting debug information.

Defaults

No default behavior or values

Command Modes

EXEC

Command History

Release	Modification
Release 3.5.0	This command was supported on the Cisco XR 12000 Series Router.
Release 3.6.0	No modification.
Release 3.7.0	No modification.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Debugging output is assigned high priority in the CPU process and, therefore, can affect system performance. For more information about the impact on system performance when using debug commands, refer to Using Debug Commands on Cisco IOS XR Software.

Task ID

Task ID	Operations
aaa	read

Examples

The following example shows how to enable debug information for acctd processes and the resulting show output:

RP/0/0/CPU0:router# debug acctd

RP/0/0/CPU0:router# debug acctd detail

RP/0/0/CPU0:Feb 23 02:47:46.000 : acctd[373]: Transmitting records for session system (0 
records)

RP/0/0/CPU0:Feb 23 02:47:46.000 : acctd[373]: Stop Periodic Timer for sess 14, 

RP/0/0/CPU0:Feb 23 02:47:46.001 : acctd[373]: Transmitting records for session 14 (2 
records)

RP/0/0/CPU0:Feb 23 02:47:46.001 : acctd[373]: Attempt to send record 1, svc:ike 
option:UPDATE flags:UPDATE uflag:Stop pid:504031 sid:14

RP/0/0/CPU0:Feb 23 02:47:46.001 : acctd[373]: Managing update for id:1 service:ike 
options:UPDATE uflag:Stop utype:Periodic pid:504031 sid:14

RP/0/0/CPU0:Feb 23 02:47:46.001 : acctd[373]: Attempt to send record 1, svc:ike 
option:STOP flags:INIT uflag:Stop pid:504031 sid:14

RP/0/0/CPU0:Feb 23 02:47:46.001 : acctd[373]: Managing update for id:1 service:ike 
options:STOP uflag:Stop utype:Periodic pid:504031 sid:14

Related Commands

Command	Description
debug radius / debug tacacs	Provides detailed information about protocol-level activities.
debug locald	Provides detailed information about AAA processing.
show accounting	Displays accounting information.

debug locald

To display debug information about AAA request processing by the AAA daemon (locald), use the debug locald command in EXEC mode. To disable debugging output, use the no form of this command.

debug locald {accounting | authentication | authorization | configuration | connections | db | detail}

no debug locald {accounting | authentication | authorization | configuration | connections | db | detail}

Syntax Description

accounting	Displays locald accounting debug information.
authentication	Displays locald authentication debug information.
authorization	Displays locald authorization debug information.
configuration	Displays locald configuration debug information.
connections	Displays locald connection debug information.
db	Displays local database debug information.
detail	Displays detailed local database processing information.

Defaults

No default behavior or values

Command Modes

EXEC

Command History

Release	Modification
Release 2.0	This command was introduced on the Cisco CRS-1.
Release 3.0	No modification.
Release 3.2	This command was supported on the Cisco XR 12000 Series Router.
Release 3.3.0	Corrected command line for missing keyword authorization and changed spelling of keyword connections.
Release 3.4.0	No modification.
Release 3.5.0	No modification.
Release 3.6.0	No modification.
Release 3.7.0	No modification.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Debugging output is assigned high priority in the CPU process and, therefore, can affect system performance. For more information about the impact on system performance when using debug commands, refer to Using Debug Commands on Cisco IOS XR Software.

Task ID

Task ID	Operations
aaa	read

Examples

The following example shows how to enable debug information for locald accounting and the resulting show output:

RP/0/RP0/CPU0:router# debug locald accounting

RP/0/RP0/CPU0:router# show run

RP/0/RP0/CPU0:Aug 18 01:13:01.968: locald[233]: Interpreting the request message

RP/0/RP0/CPU0:Aug 18 01:13:01.993: locald[233]: Getting the methods from 
accounting/commands/default

RP/0/RP0/CPU0:Aug 18 01:13:02.026: locald[233]: Adding session cisco0/dev/con05 with key 
cisco0/dev/con05 to acct btree

RP/0/RP0/CPU0:Aug 18 01:13:02.026: locald[233]: Session cisco0/dev/con05 - add req 8055b3c 
to recordsQ, size 1

RP/0/RP0/CPU0:Aug 18 01:13:02.027: locald[233]: Create timer for request id 51

RP/0/RP0/CPU0:Aug 18 01:13:02.027: locald[233]: Session system has no records to send

RP/0/RP0/CPU0:Aug 18 01:13:02.027: locald[233]: Session cisco0/dev/con05 recordsQ size 1, 
peek 8055b3c

RP/0/RP0/CPU0:Aug 18 01:13:02.027: locald[233]: Using method <unknown method value> (2001)

RP/0/RP0/CPU0:Aug 18 01:13:02.307: locald[233]: Got account delivery confirmationfor 
session 51

RP/0/RP0/CPU0:Aug 18 01:13:02.308: locald[233]: Session system has no records to send

RP/0/RP0/CPU0:Aug 18 01:13:02.308: locald[233]: Session cisco0/dev/con05 has no records to 
send

RP/0/RP0/CPU0:Aug 18 01:13:02.308: locald[233]: Removing session cisco0/dev/con05 with key 
cisco0/dev/con05 from acct btree

debug login

To display login information, use the debug login command in EXEC mode. To disable debugging output, use the no form of this command.

debug login [detail]

no debug login [detail]

Syntax Description

detail

(Optional) Displays more detailed login AAA processes.

Defaults

No default behavior or values

Command Modes

EXEC

Command History

Release	Modification
Release 2.0	This command was introduced on the Cisco CRS-1.
Release 3.0	No modification.
Release 3.2	This command was supported on the Cisco XR 12000 Series Router.
Release 3.3.0	No modification.
Release 3.4.0	No modification.
Release 3.5.0	No modification.
Release 3.6.0	No modification.
Release 3.7.0	No modification.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Debugging output is assigned high priority in the CPU process and, therefore, can affect system performance. For more information about the impact on system performance when using debug commands, refer to Using Debug Commands on Cisco IOS XR Software.

Task ID

Task ID	Operations
aaa	read

Examples

The following example shows how to enable debugging login AAA information:

RP/0/RP0/CPU0:router# debug login

debug radius

To display information associated with remote authentication dial-in user service (RADIUS), use the debug radius command in EXEC mode. To disable debugging output, use the no form of this command.

debug radius {accounting | authentication | authorization | configuration | detail | io}

no debug radius {accounting | authentication | authorization | configuration | detail | io}

Syntax Description

accounting	Displays RADIUS accounting debug information.
authentication	Displays RADIUS authentication debug information.
authorization	Displays RADIUS authorization debug information.
configuration	Displays RADIUS configuration debug information.
detail	Displays detailed RADIUS AAA processing debug information.
io	Displays RADIUS I/O messages.

Defaults

No default behavior or values

Command Modes

EXEC

Command History

Release	Modification
Release 2.0	This command was introduced on the Cisco CRS-1.
Release 3.0	No modification.
Release 3.2	This command was supported on the Cisco XR 12000 Series Router.
Release 3.3.0	The io keyword was added.
Release 3.4.0	No modification.
Release 3.5.0	No modification.
Release 3.6.0	No modification.
Release 3.7.0	No modification.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Debugging output is assigned high priority in the CPU process and, therefore, can affect system performance. For more information about the impact on system performance when using debug commands, refer to Using Debug Commands on Cisco IOS XR Software.

Task ID

Task ID	Operations
aaa	read

Examples

The following example shows debug outputs from RADIUS when logging in from VTY with RADIUS authentication configured:

RP/0/RP0/CPU0:router# debug radius

RP/0/RP0/CPU0:router# show debug all

####  debug flags set from tty 'con0_0_CPU0'  ####

radius basic flag is ON

RP/0/RP0/CPU0:router #RP/0/RP0/CPU0:Aug 18 01:16:24.735: radiusd[267]: [7] Received ASCII 
LOGIN/LOGIN from <unknown> with user=, ifh=0x0, tty=/dev/vty0

RP/0/RP0/CPU0:Aug 18 01:16:24.736: radiusd[267]: Sending sync reply (status GETUSER) to 
the client

RP/0/RP0/CPU0:Aug 18 01:16:27.857: radiusd[267]: [7] Received ASCII LOGIN/LOGIN from 
<unknown> with user=user1, ifh=0x0, tty=/dev/vty0

RP/0/RP0/CPU0:Aug 18 01:16:27.858: radiusd[267]: Sending sync reply (status GETPASS) to 
the client

RP/0/RP0/CPU0:Aug 18 01:16:29.584: radiusd[267]: [7] Received ASCII LOGIN/LOGIN from 
<unknown> with user=user1, ifh=0x0, tty=/dev/vty0

RP/0/RP0/CPU0:Aug 18 01:16:29.585: radiusd[267]: method = server group map # 1003

RP/0/RP0/CPU0:Aug 18 01:16:29.587: radiusd[267]: Using server group vanquish-rad

RP/0/RP0/CPU0:Aug 18 01:16:29.591: radiusd[267]: Checking server 12.26.37.2 ...

RP/0/RP0/CPU0:Aug 18 01:16:29.621: radiusd[267]: Added standard attribute NAS-IP-Address = 
12.22.57.4

RP/0/RP0/CPU0:Aug 18 01:16:29.626: radiusd[267]: Added standard attribute NAS-Port = 130

RP/0/RP0/CPU0:Aug 18 01:16:29.628: radiusd[267]: Added standard attribute NAS-Port-Type = 
0 0 0 5 ...

RP/0/RP0/CPU0:Aug 18 01:16:29.630: radiusd[267]: Added standard attribute User Password = 
*

RP/0/RP0/CPU0:Aug 18 01:16:29.631: radiusd[267]: RADIUS: Initial Transmit id 28 (16) 
12.26.37.2:0, Access-Request, len 64

RP/0/RP0/CPU0:Aug 18 01:16:29.635: radiusd[267]: Attribute User Name = user1^D

RP/0/RP0/CPU0:Aug 18 01:16:29.638: radiusd[267]: Attribute NAS-IP-Address = 12.22.57.4

RP/0/RP0/CPU0:Aug 18 01:16:29.639: radiusd[267]: Attribute NAS-Port = 130

RP/0/RP0/CPU0:Aug 18 01:16:29.640: radiusd[267]: Attribute NAS-Port-Type = 0 0 0 5 ...

RP/0/RP0/CPU0:Aug 18 01:16:29.643: radiusd[267]: Attribute User Password = *

RP/0/RP0/CPU0:Aug 18 01:16:29.649: radiusd[267]: Sent request to 12.26.37.2

RP/0/RP0/CPU0:Aug 18 01:16:29.662: radiusd[267]: Received response from 12.26.37.2

RP/0/RP0/CPU0:Aug 18 01:16:29.663: radiusd[267]: RADIUS: Received id 28 (16) 12.26.37.2:0, 
Access-Accept, len 118

RP/0/RP0/CPU0:Aug 18 01:16:29.665: radiusd[267]: Attribute Reply-Message = Hello, is this 
the red pill or the blue one?, user1^O

RP/0/RP0/CPU0:Aug 18 01:16:29.666: radiusd[267]: Attribute Login-Service = 0 0 0 0 ...

RP/0/RP0/CPU0:Aug 18 01:16:29.669: radiusd[267]: Attribute Service-Type = EXEC

RP/0/RP0/CPU0:Aug 18 01:16:29.671: radiusd[267]: Attribute 26, len 32, vendor-id 9, vtype 
1, vlen 26, value "shell:tasks=#root-system"

RP/0/RP0/CPU0:Aug 18 01:16:29.673: radiusd[267]: Saved authorization data for user user1

RP/0/RP0/CPU0:Aug 18 01:16:29.677: radiusd[267]: Sending sync reply (status PASS) to the 
client

RP/0/RP0/CPU0:Aug 18 01:16:30.004: radiusd[267]: [0] Received ACCT START/EXEC from 
<unknown> with user=user1, ifh=0x0, tty=/dev/vty0

RP/0/RP0/CPU0:Aug 18 01:16:30.005: radiusd[267]: method = server group map # 1003

RP/0/RP0/CPU0:Aug 18 01:16:30.006: radiusd[267]: Using server group vanquish-rad

RP/0/RP0/CPU0:Aug 18 01:16:30.009: radiusd[267]: Checking server 12.26.37.2 ...

RP/0/RP0/CPU0:Aug 18 01:16:30.012: radiusd[267]: Selected server 12.26.37.2

RP/0/RP0/CPU0:Aug 18 01:16:30.013: radiusd[267]: Added standard attribute User Name = 
user1

RP/0/RP0/CPU0:Aug 18 01:16:30.029: radiusd[267]: Added standard attribute NAS-IP-Address = 
12.22.57.4

RP/0/RP0/CPU0:Aug 18 01:16:30.031: radiusd[267]: Added standard attribute Service-Type = 
EXEC

RP/0/RP0/CPU0:Aug 18 01:16:30.032: radiusd[267]: Added standard attribute Acct-Status-Type 
= 0 0 0 1 ...

RP/0/RP0/CPU0:Aug 18 01:16:30.034: radiusd[267]: Translating attribute AAA_SVC_TYPE_ATTR

RP/0/RP0/CPU0:Aug 18 01:16:30.037: radiusd[267]: Translating attribute AAA_CONTEXT_ATTR

RP/0/RP0/CPU0:Aug 18 01:16:30.038: radiusd[267]: Translating attribute AAA_IPADDR_ATTR

RP/0/RP0/CPU0:Aug 18 01:16:30.040: radiusd[267]: Translated attribute AAA_IPADDR_ATTR to 
standard RADIUS attr Framed-IP-Address = 0.0.0.0

RP/0/RP0/CPU0:Aug 18 01:16:30.042: radiusd[267]: Translating attribute AAA_TAC_METHOD_ATTR

RP/0/RP0/CPU0:Aug 18 01:16:30.043: radiusd[267]: RADIUS: Initial Transmit id 29 (16) 
12.26.37.2:0, Accounting-Request, len 64

RP/0/RP0/CPU0:Aug 18 01:16:30.044: radiusd[267]: Attribute User Name = user1^D

RP/0/RP0/CPU0:Aug 18 01:16:30.044: radiusd[267]: Attribute NAS-IP-Address = 12.22.57.4

RP/0/RP0/CPU0:Aug 18 01:16:30.069: radiusd[267]: RADIUS: Received id 29 (16) 12.26.37.2:0, 
Accounting-response, len 20

RP/0/RP0/CPU0:Aug 18 01:16:30.071: radiusd[267]: Sending sync reply (status PASS) to the 
client

debug tacacs

To display information associated with Terminal Access Controller Access Control System Plus (TACACS+), use the debug tacacs command in EXEC mode. To disable debugging output, use the no form of this command.

debug tacacs {accounting | authentication | authorization | configuration | detail | io}

no debug tacacs {accounting | authentication | authorization | configuration | detail | io}

Syntax Description

accounting	Displays TACACS+ accounting debug information.
authentication	Displays TACACS+ authentication debug information.
authorization	Displays TACACS+ authorization debug information.
configuration	Displays TACACS+ configuration debug information.
detail	Displays detailed TACACS+ debug information.
io	Displays TACACS+ AAA messages.

Defaults

No default behavior or values

Command Modes

EXEC

Command History

Release	Modification
Release 2.0	This command was introduced on the Cisco CRS-1.
Release 3.0	No modification.
Release 3.2	This command was supported on the Cisco XR 12000 Series Router.
Release 3.3.0	Added the io keyword.
Release 3.4.0	No modification.
Release 3.5.0	No modification.
Release 3.6.0	No modification.
Release 3.7.0	No modification.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

TACACS+ is a distributed security system that secures networks against unauthorized access. Cisco supports TACACS+ under the authentication, authorization, and accounting (AAA) security system.

Debugging output is assigned high priority in the CPU process and, therefore, can affect system performance. For more information about the impact on system performance when using debug commands, refer to Using Debug Commands on Cisco IOS XR Software.

Task ID

Task ID	Operations
aaa	read

Examples

The following example shows debug output from TACACS+ and the resulting show command output when executing a command:

RP/0/RP0/CPU0:router# debug tacacs

RP/0/RP0/CPU0:router# show debug all

RP/0/RP0/CPU0:Aug 18 01:18:10.255: tacacsd[305]: tacacsd received a message

RP/0/RP0/CPU0:Aug 18 01:18:10.256: tacacsd[305]: Using server group # 2001

RP/0/RP0/CPU0:Aug 18 01:18:10.257: tacacsd[305]: Checking server 12.26.25.61 ...

RP/0/RP0/CPU0:Aug 18 01:18:10.257: tacacsd[305]: Selected server - 12.26.25.61/11000

RP/0/RP0/CPU0:Aug 18 01:18:10.257: tacacsd[305]: Unsupported method <notset>

RP/0/RP0/CPU0:Aug 18 01:18:10.258: tacacsd[305]: [session 71AC39DA] packet 
ACCT/REQUEST/STOP selected server 12.26.25.61/11000 socket 24

RP/0/RP0/CPU0:Aug 18 01:18:10.258: tacacsd[305]: Starting timer for 5 seconds

RP/0/RP0/CPU0:Aug 18 01:18:10.259: tacacsd[305]: Attach socket handler for condition 0x10A

RP/0/RP0/CPU0:Aug 18 01:18:10.259: tacacsd[305]: Sending reply to client by TACACSD

RP/0/RP0/CPU0:Aug 18 01:18:10.261: tacacsd[305]: Packet ACCT/REQUEST/STOP (session 
71AC39DA) to server 12.26.25.61

RP/0/RP0/CPU0:Aug 18 01:18:10.266: tacacsd[305]: Attach socket handler for condition 0x109

RP/0/RP0/CPU0:Aug 18 01:18:10.277: tacacsd[305]: Reconnect lock acquired in thread 3

RP/0/RP0/CPU0:Aug 18 01:18:10.278: tacacsd[305]: Error condition 2000 on socket 24

RP/0/RP0/CPU0:Aug 18 01:18:10.279: tacacsd[305]: Queueing the request back to to-be-sent 3

RP/0/RP0/CPU0:Aug 18 01:18:10.281: tacacsd[305]: Creating socket connection to TACACS+ 
server 12.26.25.61/11000

RP/0/RP0/CPU0:Aug 18 01:18:10.389: tacacsd[305]: Using source address 12.22.57.4

RP/0/RP0/CPU0:Aug 18 01:18:10.390: tacacsd[305]: Socket created 24

RP/0/RP0/CPU0:Aug 18 01:18:10.390: tacacsd[305]: Reuse address option set on socket

RP/0/RP0/CPU0:Aug 18 01:18:10.390: tacacsd[305]: Keepalive option set on socket

RP/0/RP0/CPU0:Aug 18 01:18:10.407: tacacsd[305]: Socket bound successfully with source 
address 12.22.57.4

RP/0/RP0/CPU0:Aug 18 01:18:10.450: tacacsd[305]: Socket connected successfully

RP/0/RP0/CPU0:Aug 18 01:18:10.451: tacacsd[305]: Socket 24 to 12.26.25.61/11000 opened

RP/0/RP0/CPU0:Aug 18 01:18:10.451: tacacsd[305]: Attach socket handler for condition 0x10A

RP/0/RP0/CPU0:Aug 18 01:18:10.452: tacacsd[305]: Packet ACCT/REQUEST/STOP (session 
71AC39DA) to server 12.26.25.61

RP/0/RP0/CPU0:Aug 18 01:18:10.453: tacacsd[305]: Attach socket handler for condition 0x109

RP/0/RP0/CPU0:Aug 18 01:18:10.552: tacacsd[305]: V0 REPLY (session 71AC39DA) from server 
12.26.25.61

RP/0/RP0/CPU0:Aug 18 01:18:10.553: tacacsd[305]: Response hdr: version 0xC0, type 3, seq # 
2, flag 0x1, session 1907112410, len 5

RP/0/RP0/CPU0:Aug 18 01:18:10.554: tacacsd[305]: Attach socket handler for condition 0x0

####  debug flags set from tty 'con0_0_CPU0'  ####

tacacs basic flag is ON

Related Commands

Command	Description
debug aaa	Provides detailed information about AAA processing.

debug task

To display debug task ID authorization information for the logged-in user, use the debug task command in EXEC mode. To disable debugging output, use the no form of this command.

debug task [detail]

no debug task [detail]

Syntax Description

detail

(Optional) Displays detailed task ID authorization information (for the logged-in user).

Defaults

No default behavior or values

Command Modes

EXEC

Command History

Release	Modification
Release 2.0	This command was introduced on the Cisco CRS-1.
Release 3.0	No modification.
Release 3.2	This command was supported on the Cisco XR 12000 Series Router.
Release 3.3.0	No modification.
Release 3.4.0	No modification.
Release 3.5.0	No modification.
Release 3.6.0	No modification.
Release 3.7.0	No modification.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Debugging output is assigned high priority in the CPU process and, therefore, can affect system performance. For more information about the impact on system performance when using debug commands, refer to Using Debug Commands on Cisco IOS XR Software.

Task ID

Task ID	Operations
aaa	read

Examples

The following example shows debug output from the debug task command and the resulting show output:

RP/0/RP0/CPU0:router# debug task

RP/0/RP0/CPU0:router# show debug all

RP/0/RP0/CPU0:Aug 18 01:19:43.422: parser[255]: Created task table at 8292518

RP/0/RP0/CPU0:Aug 18 01:19:43.439: parser[255]: Created task table at 8292518

RP/0/RP0/CPU0:Aug 18 01:19:43.449: parser[255]: Created task table at 8292518

RP/0/RP0/CPU0:Aug 18 01:19:43.475: parser[255]: Created task table at 8292518

####  debug flags set from tty 'con0_0_CPU0'  ####

task basic flag is ON

On logging onto the router from a vty

RP/0/RP0/CPU0:router# RP/0/RP0/CPU0:Aug 18 01:21:10.315: locald[233]: Created task table 
at 809be14

Related Commands

Command	Description
debug aaa	Displays debug information related to task ID processing (using the task keyword).